Comply and Conquer - SSDF Attestation Form and Repo Released!
CISA released the SSDF Attestation Form on March 11 and published the Repository for Software Attestation and Artifacts on March 18.
In Effort to Bolster Government Cybersecurity, Biden Administration Takes Step to Ensure Secure Development Practices -
CISA Publishes Repository for Software Attestation and Artifacts -
https://www.cisa.gov/news-events/news/cisa-publishes-repository-software-attestation-and-artifacts
Supply Chain Attacks in the news:
SolarWinds - https://www.gao.gov/blog/solarwinds-cyberattack-demands-significant-federal-and-private-sector-response-infographic
Executive Order 14028 on Improving the Nation's Cybersecurity -
https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity
"The Guidance"
Software Supply Chain security guidance under EO 14028 section 4e - https://www.nist.gov/system/files/documents/2022/02/04/software-supply-chain-security-guidance-under-EO-14028-section-4e.pdf
Secure Software Development Framework (SSDF) Version 1.1 NIST SP 800-218: Recommendations for Mitigating the Risk of Software Vulnerabilities - https://csrc.nist.gov/pubs/sp/800/218/final
OMB Memorandum M-22-18 Enhancing the Security of the Software Supply Chain through Secure Software Development Practices - https://www.whitehouse.gov/wp-content/uploads/2022/09/M-22-18.pdf
InfusionPoints SSDF Blogs:
SSDF And How It Impacts Your CSO-KAS - https://infusionpoints.com/blogs/ssdf-and-how-it-impacts-your-cso-kas
Automatically Generating SBOMs For Customers - https://infusionpoints.com/blogs/automatically-generating-sboms-customers
Generating And Safeguarding Artifacts For SSDF Attestation - https://infusionpoints.com/blogs/generating-and-safeguarding-artifacts-ssdf-attestation
Authors:
Karen Scarfone
Mike Strohecker
Jason Shropshire